The Power of Palladium

phriedom writes "Salon has coverage of Palladium which gives first page coverage to the idea that Palladium is designed to kill open source software. My favorite part though is on page two, where the Microsoft apologist says that ones view of Palladium 'depends on what you believe Microsoft's long-term aims are. If you believe it's to stimulate commerce and stimulate security, it's a step in the right direction ...and if you're perhaps given to suspicions that Microsoft always makes decisions with the aim of frustrating competitors of the Windows empire rather than for the good of consumers, you might have a different view of the same architecture.'" Wired also has a story claiming under-the-hood exposure to Palladium, although it doesn't seem to have much information that hasn't come out already. Update by J : Steven Levy's Palladium story, which we linked to in an earlier article, has allegedly been pulled from MSNBC's website. Anyone know if there's a simple explanation of this?

Welcome to Capitalism!

[FortKnox]

first page coverage to the idea that Palladium is designed to kill open source software.

So, lemmie get this straight. MS sees Linux/Open Source Software as a competitor. MS competes with said competitor in order to win more capital.

What's the problem here? This is basic economics 101. You can't complain about it. Remember that Open Source software is very adaptive. There will always be a way for both MS and Open Source to talk to one another. MS will always try to stop open source, cause they see it as a viable competitor. Open Source will survive, regarless. There's no point in whining, nor is there a point to bash MS. Its legal, and its common business sense.

The whole point...

[gilroy]

Blockquoth the FCC's Farber:

"Until we see it, until we actually look at the code, until we go through the whole process and see how the whole system will work, we won't know what it's like."

Is Microsoft going to let us look at the code, to "get under the hood"? It certainly doesn't sound like their usual practice, much less the oritentatiion of Palladium. And if we can't examine the code, if the architecture is kept secret "for security", then how can we tell what's allowed and what's not -- what will be able to run and what will be under Microsoft's thumb -- without buying into the whole system?

Anytime you focus that much control through one agency, you're asking for trouble. Funneling it through a for-profit company is double the risk.

Customers not caring? Ha.

[billatq]

The strongest part of Palladium will be its ability to determine whether a given software application should run on a machine. The system will be shipped with these functions turned off, but "we actually think it's likely that users will say, 'I'm only going to run code that's been signed,'" Biddle says. By "signed," Biddle means that the application has been cryptographically tagged by a "signing authority." The Palladium system would run the code only if the user has approved that specific authority

When Intel came out with the uniquely identifiable number in the Pentium III, of course customers didn't care, right? When I do have to run windows, and need to install drivers, things that aren't signed are generally the things that I need to use! Why in the world would I want any sort of chip that could possibly restrict this sort of thing. This could even be expanded to be "you can't run this code on your machine unless redmond has signed it"

Re:Don't forget the DMCA

It will be ILLEGAL for Open Source to talk with Palladium
unless M$ gives their approval, what do you think the DMCA is for?

Good ploy...

[MarvinMouse]

Well, from the sounds of it. This is a perfect attack on the open source movement.

While absolutely anyone will be able to program code for the Palladium system. Since anyone can have a licence. (I believe Microsoft would let this get by). Only the open source people wouldn't be able to handle the new licence everytime. Thus Microsoft maintains control in two ways.

1. The only main threat to MS's OS monopoly right now is Linux (and maybe a tad bit of Apple, which they own a seat on the board for.) This isn't a huge threat, but if it takes off, Windows loses it's viability. Then MS is screwed. With Palladium, only MS OSes(and MS supported OSes) will be able to handle the Palladium hardware, and the only competition that could potentially cause problems is blocked because it's unreal for it to be signed every single time.

2. If MS decides to spread their wings some more. They will have the ability to put loopholes into Palladium to make it harder for competitors to code. They have done this before with Windows, making changes that purposely are damaging to competitor software (I know, I have had to program around those changes.) I wouldn't be surprised if they used this to accomplish the same thing.

No matter what though, it does show an evil injenuity that I haven't seen from MS since the days of OS/2, and even all the way back to MS/DOS. I guess OS is having the effect of forcing these companies to compete. Since people have realized the software they pay for is as good as software people give away for free. :-)

Re:Good ploy...

[Rick+the+Red]

I don't follow your logic. Linux loses how, exactly? Without the ability to use the Palladium hardware, Linux won't be able to run Palladium software? Unlike today, you mean, where Linux can't run any Windows software anyway. (if you want to share files with MS Office users the answer is Open Office, not Wine)

The only threat here is if the Office files themselves (and things you want to do on the Internet, etc.) require Palladium. But that would lock out more than just Linux users, it would lock out anyone without a Palladium PC, Palladium Windows, and Palladium application(s). So for Palladium to effectively kill open source in general and Linux in particular it will have to become so ubiquitous that everyone needs it even more than they today need Office or IE compatibility. And that will not happen until everyone who is currently happy with their PC, OS, and applications find a good reason to replace them all with Palladium versions, and that won't happen untill Palladium becomes ubiquitous enough to effectively require it, etc. It's a classic chicken-egg problem, and I fail to see the Killer App that's going to make everyone throw away perfectly good computers and upgrade to Palladium systems. It's either everyone upgrades overnight or it fails to take hold.

Even if every new PC sold from now on is Palladium-compliant, what do you do about the installed base? What Killer App makes them all upgrade? If my bank requires Palladium, I'll switch banks; enough folks do that and the remaining banks won't switch to Palladium. If all new CDs require Palladium, the most they can expect of me is that I'll buy a DRM-compliant CD player and use the analog output to "pirate" the music for my car and computers. Lots of people forget that today's cheap analog is far better than the best you could buy at any price 20 years ago; if you don't have super-d-duper amps and speakers you won't notice the difference; you certainly won't notice it in your car at 60 MPH. Hell, most MP3's introduce more distortion in their compression than you'd get taping the analog outputs! Don't fear analog, folks.

So unless you can show me the Killer App, I predict Palladium is as dead as Digital Video Express (Divx, not DivX).

Re:Good ploy...

[kcbrown]

Even if every new PC sold from now on is Palladium-compliant, what do you do about the installed base? What Killer App makes them all upgrade?

Nothing ... initially.

But here's the problem: Microsoft and the hardware manufacturers can introduce Palladium versions of their hardware and software that will interoperate with non-Palladium versions. As long as people don't lose anything, they'll happily buy the new hardware and software. But once enough people have that, they can change the specs. So suddenly, the hardware manufacturers start making Palladium hardware that won't work with non-Palladium operating systems. Since most people by that time will be running Palladium-enabled, signed operating systems, they'll be able to get away with this. They may still offer non-Palladium hardware but they'll charge extra for it.

So now, suddenly, the cheapest hardware out there is also the most restrictive. And again, since most people will be running Palladium-enabled and signed OSes by that time, this won't be a big deal (in fact, most hardware comes with the OS preinstalled anyway, so the issue of Palladium-enabled OSes will be very minor).

And once that happens, hardware that can run Linux and other open source OSes will suddenly get a lot more expensive, which means that those OSes will all but disappear. Eventually the cost difference for "libre" hardware will be higher than the cost of a Microsoft Palladium-enabled OS plus whatever you might install on it for server use, and then Linux will start to disappear from the server as well.

Still think Palladium is dead?

It's always been the same, and always will

[malraid]

Microsoft and most other companies have been trying to do this (and many similar things) for decades, and will continue to do them. Sure MS has the money to do this, but there are limits which even Microsoft cannot surpass. Linux is BIG on the server segment, will Intel and AMD lose their stand in this segment (which tends to be more lucrative than desktop procesors) only to please Microsoft? Not likely. Even if they do, other companies will jump in to fill the void (Transmeta, VIA). I don't approve of it nor will I support it, but I don't think this is the beggining of an "1984"-like world. Just take a look at how long the Win XP authorization scheme remained uncracked

How about this?

[shunnicutt]

First of all, I don't trust Microsoft at all.

Given that, I've read all of these articles floating around and in principle I have no problem with a system of authorized applications.

However, the one thing I haven't seen is any indication that I myself will be able to authorize programs on my own computer. In my opinion, this would allow geeks to play with their own programming, download open source projects, etc. while still enjoying the knowledge that unless a program has been authorized by a signature authority or by themselves, it's not going to get a toehold in their machine.

If I'm beholden to the authorities to approve what I want to use, then I'm never upgrading. If however I'm allowed to authorize anything I might write or download then I don't have an objection to the principle.

The devil is always in the details, however.

code signing

[Satai]

Well, currently, I do already practice a limited form of code signing. When I, on my Gentoo system, type:

# emerge mozilla

part of the process is for portage to fetch a copy of the source code and compare the MD5 signature against the MD5 signature that I received from a different location (in this case, the portage / rsync mirrors. This actually bit me once, when I submitted a package that retrieved a dynamically created .tar.gz from a CTAN mirror - the MD5's never worked!) Does this protect against a dedicated hacker? No. But, in the recent BitchX scandal, it was noted that the MD5 digest in gentoo was for the tarball without the backdoor. I know that many distributers and packagers (RedHat springs to mind most readily) utilize GPG/PGP signatures on disc images and packages, which further derails crackers, as the public keys are kept by a central authority. FreeBSD uses a checksum, like gentoo, as well.

Microsoft is not alone in this initiative - and if the article is right when it says MS will be out of the code signing business completely, this might help the situation. But I really don't see them being all that friendly to non-partnered code-signers.

Ha ha

I read it. It's silly. They're implying they will allow non-microsoft operating systems to use their palladium stuff.

But they clearly couldn't allow open source operating systems. So who does that leave? There are no other x86 operating systems to speak of except the open source ones, unless Palm for some reason decides to do a BeOS revival. Maybe MS will release a doctored version of freebsd with all the crucial kernel bits closed-source just to prove look, we're leteting competitors in? And what would be the point of offering Palladium tech licensing to other operating systems, when you couldn't run Palladium software anyway (because the Palladium software is win32??)

*Could* they allow open-source operating systems? How could Palladium chip manage to function when the operating system has been altered specifically to allow you to run things without consulting the Palladium chip? Does the Palladium chip refuse to let the machine boot unless the operating system itself has been signed? How does it read the disk to see if the operating system is signed without letting the operating system partially boot first? Please explain.

Yeah, yeah, DMCA, whatever. There's a limit to what the DMCA can do before it gets hauled into court and struck down. The general public can't understand all this gunk about linux and kernel drivers, but they WILL understand "This law makes it illegal to distribute this 40k file containing a long set of instructions in english, because this other program can convert that set of instructions into a patch for windows that will let you back up files for Palladium-enabled programs in windows." Very few people actually need or want to run DeCSS. If palladium succeeds, lots of people will want to circumvent it.

Is anything above wrong? There ARE reasons to circumvent palladium, right? I think MS's greatest triumph in any case is when they can make it so everyone is talking about their new technology but no one is sure what it is, and that's the case now. Is it or is it not true that Palladium would allow you to create an application that WOULD NOT run unless Palladium were enabled and in control of the operating system? Is it or is it not true that Palladium would create hard disk sectors and third-party peripherals that couldn't be accessed unless Palladium were enabled and in control of the operating system? These news articles are all so vague. Enlighten me.

Re:Palladium's Power: total corporate domination

[saudadelinux]

Actually, the future Accord MT envisions here isn't that far off. See this article from the Washington City Paper (the D.C. futons and kinky personals paper):

http://www.washingtoncitypaper.com/archives/cover/ 2002/cover0517.html

The Big Problem with DRM

[namespan]

The big problem with DRM is the dichotomy between trust and freedom.... if we're going to have signed code and signed media, there's going to have to be some barrier to getting signed. This signing, however, reduces the freedom to release code or media... in effect, restricting ALL expression, not just expression of copyrighted works or viruses.

And if history is any indication, what will the signatory barrier be? Just a "reasonable" fee...

The trust/freedom dichotomy is the biggie. If there were a way to resolve that -- perhaps the "2600 can sign things" idea mentioned -- letting DRM come is not a big deal.

I don't Understand

[Captain+Rotundo]

I admit, I don't run Windows, or IE, I run GNU/Linux and primarily use Mozilla as a browser. I have never been tricked into running "malicious" code. I have never had a virus. I have never had data stolen from me (This presumably has nothing to do with the OS I use, and everything todo with the fact that I try not to be a moron and give my info to any one who asks).

Why do we need all these digital signatures and systems for allowing code to run? I don't have any problems manually figuring out what I think is worthwhile on my system, it all takes place in my head and doesnt require any fancy Linux commands or anything.

I certainly don't have any "spyware" running on my system. Can you MS Windows users tell me, is the world that much different for you? What is it about windows that would make you need all this crap I am doing fine without?

Of course I've only seen one or two unrequested pop-up windows on the web and that was quite a while ago, I hear they are a problem for IE users as well :)

When will we reach the point...

[TheSHAD0W]

...When code will have to be signed in order to run on a processor at all? This seems to be the end of this path, restricting processing to "trusted" applications, all in the name of intellectual property rights. Linux? Ha. Only Windows is allowed on our hardware, because other operating systems are havens for software and media pirates.

Once code verification has been inserted into the CPU, arranging it so code HAS to be signed in order to be parsed. What happens when laws are passed requiring all CPUs faster than X gigaflops to have mandatory code verification?

Can we trust Microsoft?

[Futurepower(R)]

The title of the article says, "Can we trust Microsoft's Palladium?"

This question can be answered merely by shortening the title: "Can we trust Microsoft?"

Ummm no thanks....

[jrnchimera]

I will not run an OS that allows this to happen..

TCPA / Palladium will also make it much harder for you to run unlicensed software. Pirate software can be detected and deleted remotely. It will also make it easier for people to rent software rather than buying it; and if you stop paying the rent, then not only does the software stop working but so may the files it created. For years, Bill Gates has dreamed of finding a way to make the Chinese pay for software: Palladium could be the answer to his prayer.

The idea that my computer is opened up for vendors to do audits on my software is appalling. I say NO THANKS!

This is BOTTOM UP design (bad, very bad)

[Systems+Curmudgeon]

The idea of Palladium is obviously to design a low level trustworthiness that can be used somehow, or in many ways somehow. To get something useful you need to start defining the problem to solve, and then specify your way down to what's in the chip and the OS. If all that specification were public now, I might believe in Palladium. We can think of a million ways that the software USING this new capability can be compromised. The designers have to start by figuring out, and tell us about, the secure usages first. Microsoft, the author of an operating system (Win 2000) in which you HAVE to have massive user privileges or you won't even know that most software installs are failing due to lack of privilege, is going to give us a trusty capability with enough degrees of variation to be useful? As if!

Appease only part of Hollywood I would think

[ZenBuddha]

Its funny. It says this should appease Hollywood but wouldn't that only mean a part of Hollywood. The part that is worried about losing revenue over pirated material. The other part of Hollywood may be extremely pissed. Who am I talking about, I mean the ones that MAKE the movies. The ones who are switching to open software and open operating systems because they can change it to suit their needs. When filming something that requires Major special effects it often times requires a bit of custom code. Guess if they all move to Linux then they will be ok :)

Re:Details on Palladium from EFF's Seth Schoen...

[ajs]

That's the spin, right? But that statement in no way binds Microsoft to the idea of not suing the pants off of Linus, Red Hat and SuSe the moment Linux uses MS-patented DRM techniques (e.g. makes use of the DRM hardware in a Pd motherboard).

Worse: Microsoft's SMB subsystem could stop accepting data from non-DRM-friendly servers or clients at any time. When that happens, since Samba cannot do the DRM without violating the patent, everyone running Samba loses.

It's not so much that Pd v1.0 will hose Open Source. I give MS credit for being much smarter than that. I think it will be an early service pack that addresses "security concerns" that starts to cause small problems for "non-trusted" systems and software. Then, a new "high security" IIS release will start to bounce non-IE browsers (or at least that's MS' counter-threat to AOL who is currently threatening to take a huge chunk of the browser market away by releasing a Netscape-based AOL).

This will be the tool that the marketing types use in the next round of platform wars. They would be stupid not to use it. It is incumbent on us to find a way to stop that before it becomes an option.

what if palladium breaks? and other thoughts

[klparrot]

Okay, for the sake of argument, let's just say Microsoft doesn't have an ulterior motive for introducing Palladium. Not that I believe that for a second, but bear with me.

What if someone cracks the security on it? There will be millions of people who were trained into thinking "Palladium will protect my data, I don't have to worry about it." Suddenly, they'll have all their data exposed to some script kiddie, because "it's fine to share your entire hard drive on the internet; Palladium means nobody will be able to read it anyway."

Also, what about the extra cost we'll have paid all along for Palladium-enabled hardware? What a waste! Wait for the lawsuits.

I can only hope that Apple doesn't join in; right now, it's the only other "mainstream" option out there (i.e. I doubt I could convince my mom that she needs a Sun box). We need to keep a non-Palladium option open, one that regular users won't be afraid of. That's the only way we have any hope of avoiding Palladium (if M$/Intel/AMD keep pushing ahead with it).

How long before an undernet develops, with just open-source non-Palladium software and hardware? It'll be the Internet for the /. crowd.

Palladium explained.

[Alsee]

Either (A) you have an odd sense of humor, (B) you don't understand Palladium.

Palladium is build on "trust". Not your trust in something, but Microsoft's (and other company's) trust in what the computer/software WILL NOT LET YOU DO.

The first layer of trust is trusting the hardware. The hardware then checks if it can trust the operating system by making sure it is cryptographicly signed. The hardware/operating system then check if they can trust a program by checking that it is also crypographicly signed. Without a valid cryptographic signature the Palladium hardware shuts down and cripples the system.

A quote from the article you linked to "The main consideration for Microsoft, said Juarez, will be integrity (of the Palladium software)". The integrity of the software lies completely in controlling what software gets signed. "That is where we will make our stand. We will not sacrifice integrity of the Palladium platform" - that flat out means that Microsoft WILL NOT give up control over what does and does not get signed. At MOST they will assign that control to a carefully constructed puppet organization.

Some code for non-windows systems will be signed - but only when it suits MS to do so. Sure, MS will create formal "fair" rules where "anyone" can get their code signed because they can't afford to be blatant dictators. You'll still have to be a major corporation and agree to play by Microsoft's rules to get your code signed.

The system will be broken in one of the following ways.
(A) the crypographic keys will be leaked/stolen (unlikely)
(B) a bug in the system (MS is known for its bugs, but I think this unlikely also, they will be VERY carefull)
(C) someone tricks MS into signing code with a backdoor/trojan (difficult and the certifacation process to get signed will be quite costly)
or
(D) in my oppinion the most likely place Palladium will be broken is at the first layer of trust - the trust they place in the hardware.

The chips circuitry can be scanned and analized. The hardware can be hacked to change data/code on the fly. The hardware can be simulated in software. These things are not easy, but they can be done. Therefore they WILL be done.

-